X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/aff51935734441207923b8e59fbc3644fc4e7d2c..f69e651d5586a0c9f4a057a69be9981b49bee672:/auth2-gss.c diff --git a/auth2-gss.c b/auth2-gss.c index 799d3326..0e08d889 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.7 2003/11/21 11:57:03 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -28,17 +28,22 @@ #ifdef GSSAPI +#include + +#include + +#include "xmalloc.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "ssh2.h" -#include "xmalloc.h" #include "log.h" #include "dispatch.h" +#include "buffer.h" #include "servconf.h" -#include "compat.h" #include "packet.h" -#include "monitor_wrap.h" - #include "ssh-gss.h" +#include "monitor_wrap.h" extern ServerOptions options; @@ -49,19 +54,19 @@ static void input_gssapi_errtok(int, u_int32_t, void *); /* * We only support those mechanisms that we know about (ie ones that we know - * how to check local user kuserok and the like + * how to check local user kuserok and the like) */ static int userauth_gssapi(Authctxt *authctxt) { - gss_OID_desc oid = {0, NULL}; + gss_OID_desc goid = {0, NULL}; Gssctxt *ctxt = NULL; int mechs; gss_OID_set supported; int present; OM_uint32 ms; u_int len; - char *doid = NULL; + u_char *doid = NULL; if (!authctxt->valid || authctxt->user == NULL) return (0); @@ -82,12 +87,11 @@ userauth_gssapi(Authctxt *authctxt) present = 0; doid = packet_get_string(&len); - if (len > 2 && - doid[0] == SSH_GSS_OIDTYPE && - doid[1] == len - 2) { - oid.elements = doid + 2; - oid.length = len - 2; - gss_test_oid_set_member(&ms, &oid, supported, + if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && + doid[1] == len - 2) { + goid.elements = doid + 2; + goid.length = len - 2; + gss_test_oid_set_member(&ms, &goid, supported, &present); } else { logit("Badly formed OID received"); @@ -101,12 +105,14 @@ userauth_gssapi(Authctxt *authctxt) return (0); } - if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) { + if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { + if (ctxt != NULL) + ssh_gssapi_delete_ctx(&ctxt); xfree(doid); return (0); } - authctxt->methoddata=(void *)ctxt; + authctxt->methoddata = (void *)ctxt; packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); @@ -255,21 +261,21 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) Buffer b; gss_buffer_desc mic, gssbuf; u_int len; - + if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); - + gssctxt = authctxt->methoddata; - + mic.value = packet_get_string(&len); mic.length = len; - + ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, "gssapi-with-mic"); - + gssbuf.value = buffer_ptr(&b); gssbuf.length = buffer_len(&b); - + if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); else @@ -277,7 +283,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) buffer_free(&b); xfree(mic.value); - + authctxt->postponed = 0; dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);